employees' and customers' personal information. State Privacy Regulation Compliance Surveys State Privacy Regulation Surveys assess how companies and other types of organizationscurrently handle employee and consumer personal information as part of their effort to comply withstate privacy regulations. The Massachusetts Privacy Regulations Survey gathers comprehensive information that identifieswhat needs to be done to comply with the Massachusetts Privacy Regulations. The survey collectsa wide range of information from employees located in Massachusetts and across theU.S. Survey reports provide data about the handling of private customer and employeeinformation for the organization overall and for each organizational unit. Complying with the Massachusetts Privacy Regulations and other state privacy regulationsrequires knowing which employees in your organization receive, handle, store (including on-siteand 3rd party off-site storage), transmit and perform other processes with personal data inelectronic and paper formats. Companies are also required to know the sources and where, howand how frequently P.I. is received, handled, stored and transmitted. The Massachusetts PrivacyRegulations also require having control over document/data retention/destruction schedules wherepersonal information is included. You also need to know which automated and manual systemsare used for storing and transmitting personal info. State Privacy Regulation Surveys enable companies and other types of organizations to complywith federal and state privacy laws. The surveys help avoid costs and negative publicityassociated with breaches in personal information privacy due to P.I. theft and carelessnesson the part of employees while handling personal information of customers and employees. Massachusetts Privacy Regulations Compliance Deadlines · The general compliance deadline for 201 CMR 17.00 was extended from January1, 2009 to May 1, 2009. · The deadline for ensuring that third-party service providers are capable ofprotecting personal information and contractually binding them to do so will was extended fromJanuary 1, 2009 to May 1, 2009, and the deadline for requiring written certification from third-partyproviders will be further extended to January 1, 2010. · The deadline for ensuring encryption of laptops was extended from January 1,2009 to May 1, 2009, and the deadline for ensuring encryption of other portable devices wasextended to January 1, 2010. 201 CMR 17.00 - Answers to Frequently Asked Questions (FAQs) 1. Your information security program must be in writing. Everyone who stores or maintainspersonal information must have a written plan detailing the measures adopted to safeguard suchinformation.